TARLOGIC's BLOG
Cybersecurity - Page 3

Cybersecurity articles with security analysis and ethical hacking technics information

Hardware vulnerabilities in smart locks
Hardware vulnerabilities in smart locks
Fran Álvarez Wic

We evaluate the hardware security level of the smart locks, disassembling one and analyzing the elements that make it up We got our hands on a Yale Linus smart lock, one that you c[...]

Read more
CVE-2023-4863: Heap buffer overflow in Google libwebp (WebP)
CVE-2023-4863: Heap buffer overflow in Google libwebp (WebP)
S.T.A².R.S Team

The vulnerability CVE-2023-4863 is found in the open source Libwebp library and affects browsers such as Mozilla, Chrome and Edge On September 6th, 2023 Apple Security Engineering [...]

Read more
CVE-2023-35082: Unauthenticated API Access Vulnerability in MobileIron Core
CVE-2023-35082: Unauthenticated API Access Vulnerability in MobileIron Core
S.T.A².R.S Team

CVE-2023-35082 is a critical vulnerability that allows access to APIs in older versions of MobileIron Core Ivanti is having a tough time as another critical vulnerability has been [...]

Read more
CVE-2023-35078: Remote authentication bypass in Ivanti EPMM API
CVE-2023-35078: Remote authentication bypass in Ivanti EPMM API
S.T.A².R.S Team

CVE-2023-35078 is a critical vulnerability that allows access to restricted functionality of Ivanti mobile management software A new critical vulnerability has been discovered in I[...]

Read more
CVE-2023-3519: 0-day vulnerability exploited the wild in Citrix NetScaler
CVE-2023-3519: 0-day vulnerability exploited the wild in Citrix NetScaler
S.T.A².R.S Team

On July 18, 2023, Citrix released information and updates to address a critical vulnerability (CVE-2023-3519) in NetScaler ADC and NetScaler Gateway.  This vulnerability allows un[...]

Read more
CVE-2023-33299: Unauthenticated remote code execution vulnerability in FortiNAC
CVE-2023-33299: Unauthenticated remote code execution vulnerability in FortiNAC
S.T.A².R.S Team

On June 19, 2023, Fortiguard published the information and updates to fix a critical vulnerability (CVE-2023-33299) in its FortiNAC software, which can allow an unauthorized access[...]

Read more
The ins and outs of BlueTrust, a Bluetooth vulnerability
The ins and outs of BlueTrust, a Bluetooth vulnerability
Antonio Vázquez and Jesús María Gómez

BlueTrust is a Bluetooth vulnerability that allows information about devices and users to be obtained and trust relationships to be traced BlueTrust is a mechanism for discovering [...]

Read more
CVE-2023-27997: Fortinet Fortigate SSL VPN Pre-Auth RCE critical vulnerability
CVE-2023-27997: Fortinet Fortigate SSL VPN Pre-Auth RCE critical vulnerability
S.T.A².R.S Team

Details have been disclosed about a critical vulnerability (CVE-2023-27997) affecting Fortinet Fortigate devices with exposed SSL VPN services. This vulnerability, which does not r[...]

Read more
CVE-2023-34362: SQL Injection in Progress Software’s MOVEit Transfer
CVE-2023-34362: SQL Injection in Progress Software’s MOVEit Transfer
S.T.A².R.S Team

On May 31, 2023, Progress informed about a critical vulnerability (CVE-2023-34362) in its MOVEit Transfer software, which could potentially lead to privilege escalation and unautho[...]

Read more
CVE-2023-32353: Local privilege escalation via iTunes in Windows
CVE-2023-32353: Local privilege escalation via iTunes in Windows
S.T.A².R.S Team

Information has been disclosed about a new high criticality vulnerability that affects the Apple iTunes software in Windows environments. This vulnerability would allow an attacker[...]

Read more
1 2 3 4 5 6 12
Advanced penetration testing services